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Alerting Abstract US Al 

NOVELTY - A selected virus is introduced to the payload portion of the selected client devices that are not affected 
by the selected virus, by the infraction module. The infection module is modified to remove virus of computers 
infected by the selected virus, and the inoculation viral code is introduced into the payload portion to prevent further 
infection by the selected virus. 

DESCRIPTION - An INDEPENDENT CLAIM is also included for computer program product comprising 
computer readable medium storing anti-computer virus agent creation program. 

USE - For creating anti-computer virus agent in corporate local area network (LAN) and wide area network (WAN) 
interconnecting client devices such as desktop computer, laptop computer, thin client devices e.g. personal digital 
assistant (PDA), embedded appliance. 

ADVANTAGE - Effectively operates against particular vims, class or group of viruses, thereby providing great 
improvement in system uptime and reduction in system losses. 

DESCRIPTION OF DRAWINGS - The figure shows a block diagram of the virus monitoring system. 
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NOVELTY - The method involves performing antivirus actions on infected electronic mails which are identified 
through attached flags. The flags are attached to the electronic mails after they are identified to be infected by a 
computer virus. 

DESCRIPTION - An INDEPENDENT CLAIM is also included for a network system. 

USE - Used for network systems. Used for e.g. metropolitan area network, wide area network, local area network, 
wireless communication networks for mobile phones and personal digital assistants. 

ADVANTAGE - Prevents computer viruses from entering into a computer network through electronic mails. 
Enables reliable handling of electronic mails infected by computer viruses. 

DESCRIPTION OF DRAWINGS - The figure shows the flow diagram of the antivirus method for handling 
electronic mails in a network. 
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Alerting Abstract WO Al 

NOVELTY - An anti-virus program is installed in a computer which is connected to other computers infected with 
virus, through network. The clone of installed anti-virus program is transmitted to other computers sequentially 
along a virus infection route, after exterminating the virus present in one computer. 

DESCRIPTION - An INDEPENDENT CLAIM is also included for computer virus detection display method. 
USE - For exterminating computer virus. 

ADVANTAGE - Computer virus is exterminated one after another without requiring manual operation by user. 
DESCRIPTION OF DRAWINGS - The figure shows the flowchart explaining the computer virus extermination 
process. (Drawing includes non-English language text). 
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Alerting Abstract US Al 

NOVELTY - The client computers are scanned using server with virus monitor to identify virus infected or virus 
susceptible computers. The computers identified to be infected or susceptible, are isolated to prevent client-server 
connection between infected /susceptible computer and network. 
DESCRIPTION - INDEPENDENT CLAIMS are included for the following: 

1 . virus controlled network access method; 

2. virus controlled network maintenance method; 

3. virus migration prevention method; 

4. virus exclusion network system; 

5. server; 

6. client computer; 

7. computer network virus monitor; 

8. virus quarantine monitor; 

9. computer-readable recorded medium storing networks exclusion program; 

10. computer-readable recorded medium with virus migration prevention program; 

1 1 . computer-readable recorded medium storing network computing program; 

12. computer-readable recorded medium storing network connection monitoring program; and 

13. computer-readable recorded medium storing client computer quarantine program. 

USE - In computer networks for protecting against virus. 

ADVANTAGE - Prevents authorized connection between server and infected/susceptible client. Also prevents 
malicious hacking. 

DESCRIPTION OF DRAWINGS - The figure shows the flow diagram explaining network virus execution method. 
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Virus checking network for multimedia communication, Internet - detects virus affected packet based on 
virus pattern stored in memory and transmits bit indicating infection of packet to client side so that 
corresponding file is not executed 
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Alerting Abstract JP A 

NOVELTY - A virus check unit (12) checks for an infected packet (Pa) by observing header, based on virus pattern 
stored in memory (1 1) in the network side. The bit (Pb) denoting infection of packet, is then transmitted towards 
client terminal. DETAILED DESCRIPTION - A detector (21) in client side detects infected packets, and a file 
execution control unit (22) prevents execution of file corresponding to infected packet. The virus pattern information 
is distributed through network by pattern distributing unit (31). A vims pattern management unit (32) performs 
single element management of virus pattern controlled by administration bureau (30). 
USE - For detecting virus in internet, multimedia. 

ADVANTAGE - Since virus is detected in network side, virus infection and magnification is prevented. 
DESCRIPTION OF DRAWTNG(S) - The figure shows the block diagram of virus check network. (11) Memory; 
(12) Virus check unit; (21) Detector; (22) File execution control unit; (30) Administration bureau; (31) Pattern 
distributing unit; (Pa) Infected packet; (Pb) Bit. 
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Signature extraction method for protection of computer, involves generating malicious code packet including 
parameters associated with malicious code on host computer, and sending packet to local analysis center 
computer system 
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Alerting Abstract EP A2 

NOVELTY - A malicious code packet including parameters associated with malicious code detected on host 
computer, is created. The malicious code packet is transmitted to local analysis center computer system (112). 
DESCRIPTION - An INDEPENDENT CLAIM is also included for computer system. 

USE - For extracting signature for protection of computer system (claimed) e.g. workstation, portable computer, 
two-way pager, cellular telephone, digital wireless telephone, personal digital assistant and server connected to 
intranet and internet. 

ADVANTAGE - The malicious code can be detected automatically and rapidly, and the spread of malicious code 
is prevented. 

DESCRIPTION OF DRAWINGS - The figure shows the schematic view of computer system. 
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Network device control interface providing apparatus establishes data tunnel and control tunnel between 
general purpose processor and web switch 
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Alerting Abstract US Al 

NOVELTY - The apparatus establishes a data tunnel between a web switch (12) and a general purpose processor 
(GPP) (16). The web switch receives the data received by the GPP. The received data are inspected and operational 
control commands are generated at the web switch. The commands are transmitted to the GPP through a control 
tunnel. 

USE - For interactive control of network devices, used to block illegal transfer of copyrighted files, to block illegal 
file-sharing, to block intentional denial-of-service schemes and used as virus checker. 

ADVANTAGE - Allows the network switch to understand the GPP's capabilities and facilities, and thereby provides 

a consistent framework for interfacing future interactive devices. 

DESCRIPTION OF DRAWINGS - The figure shows the profile of the network. 
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Integrated security gateway apparatus for networking system, has black /one server is coupled to packet 
duplicating module for analyzing duplicated packet, and used as intrusion detection, antivirus or noxious site 
blocking system 
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Alerting Abstract US Al 

NOVELTY - The apparatus includes a packet duplicating module for receiving and duplicating an incoming packet 
from one of Ihe interna] and external networks. A BZ (black zone) server (430) is coupled to the packet duplicating 
module for analyzing the duplicated packet. The black zone server serves as one of an intrusion detection system, 
an antivirus system and a noxious site blocking system. 

DESCRIPTION - An inspection engine is coupled to the packet duplicating module and black zone server for 
inspecting whether the received incoming packet corresponds to selected packet to be blocked based on the analysis 
in the black zone server. An INDEPENDENT CLAIM is also included for a networking system. 
USE - For networking system used in wide-area networking. 

ADVANTAGE - Provides integrated intrusion detection functions as well as virtual private networking and firewall 
functions. 

DESCRIPTION OF DRAWINGS - The figure shows the schematic diagram of a VPN (virtual private network 
employing an integrated security gateway. 
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Alerting Abstract US Al 

NOVEFTY - A class value corresponding to predefined classes of data packets is identified to determine whether to 
grant packet access accordingly. The data packets are analyzed to determine whether bandwidth allocated for the 
predefined class of data packets is exhausted, or the access to data path requested for other packets corresponding to 
other classes have available allocated bandwidth. 

DESCRIPTION - An INDEPENDENT CFAIM is also included for computer-readable storage medium storing 
instructions for allocating bandwidth on an interface to communication network. 

USE - For allocating bandwidth of data path among different classes of data packets for performing different 
networking services such as virtual private networking, secure sockets layer processing, web caching, hypertext 
mark-up language compression, virus checking, firewall support and web-switching using multi-processor 
application. Also for servicing many different fields of parallel processing applications such as real-time video 
processing. 

ADVANTAGE - Data transmissions are not allowed until all classes exhaust their bandwidth, allowing packets to be 
assigned priority levels having corresponding amount of allocated bandwidth, thereby the quality service is 
enhanced. 

DESCRIPTION OF DRAWINGS - The figure shows a multiprocessor unit for performing bandwidth allocation. 
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Specification: ...or returns to check operation 404. 

Accordingly, as discussed above, host computer systems 104 automatically detect malicious code, which is 
infecting host computer systems 104. Further, host computer systems 104 also automatically generate and send 
extracted malicious code packets to local analysis center computer system 1 12. 

Local analysis center computer system 1 12 determines whether an attack is... 

Claims: ...said attack threshold has been exceeded, said method further comprising delivering said extracted 
malicious code packet to a global analysis center. 

22. The method of Claim 21 further comprising determining that a maximum number of said extracted malicious 

code packet. 

23. A computer system comprising: 

an intrusion prevention application for detecting an attack by malicious code on a first computer system; 
a host signature extraction application for extracting a malicious code... 
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...combines 

protocol decoding, decryption, and encryption, protocol 
translation/conversion, media packet decoding, decryption, 
demodulation, tone detection, speech recognition, software 
virus/worm detection, network address translation, and media 
packet encryption with microprocessor control for inspecting 
and analyzing packet-switched calls and implementing the 
access control functions designated in the security policy. 

[00141 As...00981 Media (payload) packets are decoded and if 
required, decrypted. The data from the media packet is 
analyzed as required by the security policy 202, which may 
include any or all of demodulation, tone detection, speech 
recognition, keyword detection, and software virus /worm 
detection, to monitor media packets for call content. This 
call content can be compared with the content type... 
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Detailed Description: 



...virus 

system and/or the site blocking system may be coupled, so 
that intrusion protection, virus checking and/or site 
blocking functions can be performed. 

The integrated security gateway apparatus 420 may 
include a built-in 13Z server at which the duplicated 
packets arc analyzed. 

Fig. 5 provides a hardware 



Claims: 

...selected packet to be 

blocked based on Ihe analysis result and selectivelyblocking the incoming packet depending on the 
inspectionresult, wherein the server complex includes a plurality ofservers for serving one of an intrusion detection 
function, an anti-virus function, and a noxious siteblocking function, andthe port complex includes a same 
number... based ontlie analysis result from the black zone servers andselectively blocking the incoming packet 
depending on theinspection result. 
19 The system of Claim 18, wherein the black zone 

servers are connected to of Claim 19, wherein each of the blackzone servers serves one of an intrusion 

detectionfunction, an anti-virus function, and a noxious siteblocking function. 
21 The system of Claim 19, wherein the.. .step, the steps of: 

receiving the duplicated packet;performing on the duplicated packet the intrusiondetection, anti- virus, and noxious 
blocking functions toanalyze the packet; andtransmitting the message packet containinginformation according to 
the analysis result to theinspection... 
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Detailed Description: 

...packet scanners can be used in lieu of or in addition to firewalls to dynamically analyze an incoming packet 
stream at a network domain boundary. Each packet is intercepted and analyzed while in transit into a protected 
enclave. However, active scanners can adversely affect the timing of packet delivery. Detecting computer viruses, 
malware and other bad content embedded in upper layer network protocols, in particular, at the transport.. .be 
recognized by one skilled in the art. 



In addition to the firewall 20, an antivirus system (AVS) 21 passively analyzes message packets incoming to the 

bounded network domain for the presence of computer viruses, malware, and other... maintains the 

6 

protocol-specific queues 41 at a constant size in pace with the antivirus scanner 32 and prevents protocol-specific 
queues 41 from becoming saturated by reassembled packets awaiting scanning. 

The event correlator 31 optionally provides a meta computer virus screening functionality to the antivirus system 
21. The event correlator 31 analyzes the reassembled packets in the protocol-specific queues 41 to identify patterns 
in the incoming packet stream indicative. ..refer generically to files, messages, articles, datagrams, and packets. The 
described embodiment performs the necessary antivirus scanning on packets of these types through passive packet 
screening. Thus, the throughput of message traffic through the network domain boundary remains unaffected by 
ongoing antivirus packet analyses. 

FIGURE 6 is a flow diagram showing 
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